locked
Certificates for Integration Runtime RRS feed

  • Question

  • Hi

    Requirements to use  TLS/SSL certificates for securing communications between integration runtime nodes.

    https://docs.microsoft.com/en-us/azure/data-factory/create-self-hosted-integration-runtime#tlsssl-certificate-requirements

    Can I purchase an SSL Cert for each node in the IRT environment from a 3rd party provider and install cert on each node of irt environment. I'm limited in regards to the types of certificates I can use - Documentation states SAN not supported and wild card certificates are not allowed by the customer.

    Any help would be greatly appreciated

    Regards

    Raymond



    RDunne76

    Monday, March 25, 2019 12:22 PM

All replies

  • Hello Rdunne 76 and thank you for your question.  I believe as long as the Certificate Authority is publicly trusted, you can do that.

    Another user had a similar question.  If you are interested, you can read bout it.

    Monday, March 25, 2019 7:43 PM
  • Hi Martin

    Many thanks for your response. In regards to the "similar question", thats very helpful. The response included a comment saying that internal PKI will work also. Is internal PKI officially supported as this would be my preference

    "internal CA is ok, all Self-Hosted IR need is a cert which trusted on the machine. So you can use both public CA & Internal CA."

    Raymond


    RDunne76


    • Edited by Rdunne76 Tuesday, March 26, 2019 11:58 AM
    Tuesday, March 26, 2019 11:54 AM
  • I'm sorry, I don't see where "internal PKI" was mentioned.  The closest I saw was

    1. ...
    2. Actually we try to load cert from localmachine/my, which required private key.

    Wednesday, March 27, 2019 5:18 PM
  • I think it is.
    Friday, March 29, 2019 9:04 PM